> -----Original Message-----
> From: Dirk-Willem van Gulik [mailto:di...@webweaving.org]
> Sent: Saturday, November 07, 2009 12:28 AM
> To: dev@httpd.apache.org
> Subject: Re: TLS renegotiation attack, mod_ssl and OpenSSL
>
> +1 from me. (FreeBSD, Solaris). Test with and without certs (firefox,
> safari, openssl tool). Tested with renegotion break script openssl.
Can I just verify what is supposed to happen with the break script test?
I have built 2.2.14 with 0.9.8l on Solaris 10. I do:
$ openssl -connect wibble:443
...
GET / HTTP/1.1 =20
Host:wibble
R
RENEGOTIATING
Then the connection hangs and I get no further data back from the
server. On http://wibble/server-status, I see:
6-0 17718 0/1/1 R 0.14 31 90 0.0 0.00 0.00 ? ? ..reading..
Is this the intended behaviour? I thought it was supposed to drop the
connection?
Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.
This message is for the named person's use only. It may contain confidential,
proprietary or legally privileged information. If you receive this message in
error, please notify the sender urgently and then immediately delete the
message and any copies of it from your system. Please also immediately destroy
any hardcopies of the message.
The sender's company reserves the right to monitor all e-mail communications
through their networks.
